Apple and Google have been working for the last few months to build a standard that can assist with CovidI-19 exposure notification. As the technology has started to roll out to devices, a lot of people who may not have been paying attention are suddenly wondering why they now have a setting for "COVID-19 Exposure Logging," and whether that means that their iPhone is tracking them.

There is, understandably, some understandable confusion about what exactly that setting means, and whether it's a problem that Apple would add such a feature even without users asking for it.

I want to break down what it actually means, but let me start with this: The only thing that has changed is that the most recent versions of iOS (13.5 and later) and Android have made it possible for app developers to leverage Bluetooth technology to share encrypted keys that can be used for exposure notification.

I've written about how that technology works, but here's a basic overview:

[Tracing keys] are generated randomly on the device, transmitted by Bluetooth beacons, and stored only on the device. Only the key associated with a device that tested positive is uploaded to the server for the health organization, and those are then downloaded to be compared locally on user devices. The tracing keys are randomly generated every 10-20 minutes to further prevent individual user tracking.

Those keys are also using AES encryption, which prevents someone from intercepting personal information that could be used to identify the device or individual. Apple and Google also indicated that the keys don't include location information, which provides another layer of privacy protection.

The important information is that no personal data about you or your device is uploaded with they key, and the server doesn't store those keys, or even do the matching. All of that happens at the device level. And even the information that is transmitted only occurs after a verified positive test for Covid-19.

The reason this is so important is that it makes it possible for people who may have come in prolonged contact for with someone who tests positive to be notified of that potential exposure and then get tested themselves. 

As restaurants, offices, book stores, and schools start to reopen, there's obviously a greater chance that any of us may be exposed to that very situation. Apple and Google recognized early on that creating a common standard that would allow iOS and Android devices to share keys via Bluetooth would give public health organizations a powerful tool in fighting the spread of the pandemic.

At the same time, both tech companies realized that the tool would only be useful if people actually use it. That only happens if users are sure that their privacy is being protected and that their sensitive health information isn't being collected by Apple or Google, or that it isn't being stored on a central server--especially one that the government could access.

 inline image

In iOS 13.5 or later, this particular setting is located at Settings > Privacy > Health. There you'll find COVID-19 Exposure Logging right at the top. By default this is turned off. 

If you tap on the setting, you'll find that you can't even turn on the technology without installing an authorized app. Apple and Google have said they will only work with official public health organizations who develop apps. 

If you've downloaded an authorized app, you'll see it listed on that page. You can also confirm whether any requests have been made to check your exposure log by tapping on Exposure Checks.

While it has caught some people off guard, the setting option is actually an additional layer of privacy protection. Not only can you avoid downloading an app, even if you do you can still turn the whole thing off altogether.